Friday, November 15, 2024
HomeMalwareHackers Steals Facebook Account Details Using Android Malware

Hackers Steals Facebook Account Details Using Android Malware

Published on

New Android malware discovered that steals Facebook credentials, account details such as username and Passwords and other information directly from users devices.

This Malware mainly targeting the Asian Pacific-based English speaking users and it spreading via the third-party market.

This new credential stealer contains a lot of aggressive function and malware author using new sophisticated functionality to compromise the victim’s device and steal the credentials.

- Advertisement - SIEM as a Service

Also Read: A Facebook Vulnerability that Allows to Reveals the Facebook Page Admin Identity

How does this Malware steal Facebook Details

Once this Malware infects the victims initially it hide from the home screen and silently running in the background.

It will check the infected devices Facebook account by submitting the infected mobiles IMEI number to the attacker via command and control server.

If the malware did not collect any details regards the infected device Facebook account, it will very the apps list whether or not Facebook app installed.

Once it did not find the app then the malware launch the fake Facebook interface to compromise the victims and steal the victim’s original username and password.

This malware keeps display this interface until it successfully collects the Facebook credentials by using the JavaScript from a hidden WebView, the threat silently logs into the compromised Facebook account.

In this case, it also checks whether CAPTCHA is presented or not. if yes then it sends the event to the C&C server, clears caches and cookies, and retries later.

According to Symantec, Once the malware is logged into the Facebook page, it can leverage a wide range of capabilities to follow links and scrape the personal data of the victim and their friends, sending it back to the C&C server. This includes:
General top-level data: Facebook account, user, password, device IMEI
Profile: Work, education, location, contacts, basic info, nicknames, relationships, family, bio
Activities: Check in, events, friends, groups, likes, pages, posts

This malware using the functionality that crawls the Facebook page has a surprising level of sophistication. and the crawler has an ability to crawl the search and collect the Facebook search.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Critical TP-Link DHCP Vulnerability Let Attackers Execute Arbitrary Code Remotely

A critical security flaw has been uncovered in certain TP-Link routers, potentially allowing malicious...

Chinese SilkSpecter Hackers Attacking Black Friday Shoppers

SilkSpecter, a Chinese financially motivated threat actor, launched a sophisticated phishing campaign targeting e-commerce...

Cybercriminals Launch SEO Poisoning Attack to Lure Shoppers to Fake Online Stores

The research revealed how threat actors exploit SEO poisoning to redirect unsuspecting users to...

Black Basta Ransomware Leveraging Social Engineering For Malware Deployment

Black Basta, a prominent ransomware group, has rapidly gained notoriety since its emergence in...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Cybercriminals Launch SEO Poisoning Attack to Lure Shoppers to Fake Online Stores

The research revealed how threat actors exploit SEO poisoning to redirect unsuspecting users to...

China-Nexus Actors Hijack Websites to Deliver Cobalt Strike malware

A Chinese state-sponsored threat group, identified as TAG-112, has been discovered hijacking Tibetan community...

New Android Malware SpyAgent Taking Screenshots Of User’s Devices

SpyAgent, a newly discovered Android malware, leverages OCR technology to extract cryptocurrency recovery phrases...